AT&T Faces $24M SIM Swap Lawsuit After Court Reversal
A court ruling has reopened a $24M lawsuit against AT&T, alleging negligence in a SIM swap attack that cost a crypto investor his funds.
AT&T is facing renewed legal trouble over a $24 million SIM swap case involving investor Michael Terpin, following a Ninth Circuit Court of Appeals ruling. This decision overturned a previous lower court ruling favoring the telecom giant, allowing Terpin’s lawsuit to move forward. The case highlights concerns about the role of telecom firms in safeguarding customer information.
The saga began in 2018, when Terpin was targeted by scammers who bribed an AT&T employee to transfer his phone number to a different SIM card. With access to his number, they could reset passwords and bypass two-factor authentication, leading to the theft of Terpin’s cryptocurrency. Despite taking extensive precautions, Terpin couldn’t prevent the attack. He then sued both AT&T and the hacker, Ellis Pinsky, seeking $24 million in damages. In April 2023, however, a judge ruled in favor of AT&T, dismissing most of Terpin’s claims and stating that the company wasn’t liable for the loss.
In October 2024, the Ninth Circuit reversed the ruling, stating that AT&T may have violated the Federal Communications Act by not adequately protecting Customer Proprietary Network Information (CPNI). This ruling allows Terpin to pursue additional claims for damages and attorney fees, which have now escalated to over $45 million. His lead attorney, Pierce O’Donnell, sees this as a landmark case that could set a precedent for holding telecom companies accountable for weak security practices.
Beyond Terpin’s personal battle, the case has broader implications for telecom customers. As more people use cryptocurrency, SIM swapping has become a growing threat. Many users rely on SMS-based two-factor authentication, which can be easily bypassed through SIM swaps. This incident has raised alarms about SMS-based security measures, with experts calling for more robust protection mechanisms.
Terpin emphasized that this isn’t just about his personal loss. He believes the ruling is crucial to ensuring companies take responsibility for protecting sensitive customer data. “This is not just my victory,” Terpin noted. “It’s about making sure firms are held accountable for safeguarding their customers’ information.”
